Ignoring GSPRs
Under the EU Medical Device Regulation (MDR 2017/745), Notified Bodies have become extremely strict regarding Risk Management Files.
Failure to update Post-Market Data
The most common mistake is failing to link Risk Controls directly to the General Safety and Performance Requirements (GSPRs). MDR requires explicit evidence that risks have been reduced "as far as possible".
Inconsistent Severity Scales
Another critical failure is treating the RMF as a static document. If your Post-Market Surveillance (PMS) data or PMCF activities reveal new hazards or higher occurrence rates, your RMF must be updated immediately.
Finally, auditors frequently flag inconsistent severity scores. If "Death" is rated a 5 in your hazard analysis, it must remain a 5 in your FMEA. Discrepancies here indicate a lack of QA control.